| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: badpack3t at security-protocols.com (badpack3t) Subject: MyServer 0.4.3 Denial Of Service Read my advisory just a little bit closer. Those you mention below are for 0.4.1 and 0.4.2. The issue I found is much different, and is on version 0.4.3. -badpack3t www.security-protocols.com > ummm... is this a redux? > > http://exploitlabs.com/files/advisories/EXPL-A-2003-012-myServer.txt > July 5 2003 and > http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-07/0047.html > and > http://lists.insecure.org/lists/bugtraq/2003/Jun/0181.html June 21 2003 > > unless you have got a remote shell or other compromize, this is a known > issue > > > Donnie Werner > http://exploitlabs.com > > > > ----- Original Message ----- > From: "badpack3t" <badpack3t@...urity-protocols.com> > To: <badpack3t@...urity-protocols.com> > Sent: Monday, September 08, 2003 1:29 PM > Subject: [Full-Disclosure] MyServer 0.4.3 Denial Of Service > > >> SP Research Labs Advisory x06 >> --------------------------------- >> www.security-protocols.com >> >> MyServer 0.4.3 Denial of Service >> --------------------------------- >> >> Download it here: >> http://myserverweb.sourceforge.net >> >> Date Released - 09/08/2003 >> >> ------------------------------------ >> Product Description from the vendor: >> MyServer is a free and easy to configure web server. MyServer is >> licensed under the GNU General Public License (GPL). See the license >> page for additional info. MyServer is in continuous development and >> new features will be present in future releases. Go here to see the >> latest news from the MyServer project. It is available for windows >> and linux platforms. MyServer's principal goal is to create a free and >> simple powerful server to allow everyone to transform his home PC in a >> server and be you own webmaster with few clicks and share information >> easily with all the world! >> It is a multithread application that support multiprocessor machines, >> in >> this way can be appreciated for professional uses too. >> >> --------------------------- >> Vulnerability Description: >> >> A denial of service (could possibly be exploitable) vulnerability >> exists within MyServer 0.4.3. >> >> 2.2.10.0. Please see the exploit code for the malicious payload as it >> is to large to post within the email. Once the malicious payload has >> been sent, the web server will crash giving a runtime error. If you >> have found out that this is indeed exploitable, please send me an >> email if you don't mind. >> >> Advisory Link: >> >> http://www.security-protocols.com/article.php?sid=1596&mode=thread&order=0 >> >> Tested on: >> >> Windows XP Pro SP1 >> Windows 2000 SP3 >> >> ---------------------------- >> Download the exploit here: >> >> http://fux0r.phathookups.com/coding/c++/sp-myserver.c >> >> peace out, >> >> ---------------------------- >> badpack3t >> founder >> www.security-protocols.com >> ---------------------------- >> >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.netsys.com/full-disclosure-charter.html >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists